---
layout: docs
page_title: "audit enable - Vault CLI"
description: >-
  Create and enable a new audit device to capture log data from Vault.
---

# `audit enable`

Enable a new audit device.

<CodeBlockConfig hideClipboard>

```shell-session
$ vault audit enable [flags] <device_type> [options] [<config_argument=value>...]

$ vault audit enable [-help | -h]
```

</CodeBlockConfig>

## Description

`audit enable` creates and enables an audit device at the given path or returns
an error if an audit device already exists at the given path. The device
configuration parameters depend on the audit device type.

<Tip title="Related API endpoints">

  EnableAuditDevice - [`POST:/sys/audit/{mount-path}`](/vault/api-docs/system/audit#enable-audit-device)

</Tip>



## Command arguments

@include 'cli/audit/args/device_type.mdx'

Each audit device type also has a set of configuration arguments:

<Tabs>

<Tab heading="File">

<CodeBlockConfig hideClipboard>

```shell-session
$ vault audit enable [flags] file [options] \
    file_path=<path/to/log/file>            \
    [mode=<file_permissions>]
```

</CodeBlockConfig>

<br />

@include 'cli/audit/args/file/file_path.mdx'

<br /><hr /><br />

@include 'cli/audit/args/file/mode.mdx'

</Tab>

<Tab heading="Socket">

<CodeBlockConfig hideClipboard>

```shell-session
$ vault audit enable [flags] socket [options] \
    [address=<server_address>]                \
    [socket_type=<protocol>]                  \
    [write_timeout=<wait_time>]
```

</CodeBlockConfig>

<br />

@include 'cli/audit/args/socket/address.mdx'

<br /><hr /><br />

@include 'cli/audit/args/socket/socket_type.mdx'

<br /><hr /><br />

@include 'cli/audit/args/socket/write_timeout.mdx'

</Tab>

<Tab heading="Syslog">

<CodeBlockConfig hideClipboard>

```shell-session
$ vault audit enable [flags] syslog [options] \
    [facility=<process_entry_source>]         \
    [tag=<program_entry_source>]
```

</CodeBlockConfig>

<br />

@include 'cli/audit/args/syslog/facility.mdx'

<br /><hr /><br />

@include 'cli/audit/args/syslog/tag.mdx'

</Tab>

</Tabs>

## Command options

<br />

@include 'cli/audit/options/elide_list_responses.mdx'

<br /><hr /><br />

@include 'cli/audit/options/exclude.mdx'

<br /><hr /><br />

@include 'cli/audit/options/fallback.mdx'

<br /><hr /><br />

@include 'cli/audit/options/filter.mdx'

<br /><hr /><br />

@include 'cli/audit/options/format.mdx'

<br /><hr /><br />

@include 'cli/audit/options/hmac_accessor.mdx'

<br /><hr /><br />

@include 'cli/audit/options/log_raw.mdx'

<br /><hr /><br />

@include 'cli/audit/options/prefix.mdx'

## Command flags

<br />

@include 'cli/audit/flags/description.mdx'

<br /><hr /><br />

@include 'cli/audit/flags/local.mdx'

<br /><hr /><br />

@include 'cli/audit/flags/path.mdx'

## Standard flags

<br />

@include 'cli/standard-settings/all-standard-flags-but-format.mdx'

## Examples

Enable a `file` type audit device at the default path, `file/`:

```shell-session
$ vault audit enable file file_path=/tmp/my-file.txt
Success! Enabled the file audit device at: file/
```

Enable a `file` type audit device at the path, `audit/file`:

```shell-session
$ vault audit enable -path=audit/file file file_path=/tmp/my-file.txt
Success! Enabled the file audit device at: audit/file/
```

